Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-5490

The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.

Published

2015-08-18T17:59:31.833

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	views_project	views	7.x-3.5	Yes
Application	views_project	views	7.x-3.6	Yes
Application	views_project	views	7.x-3.7	Yes
Application	views_project	views	7.x-3.8	Yes
Application	views_project	views	7.x-3.10	Yes

References

http://cgit.drupalcode.org/views/commit/?id=cef693b ([email protected])
http://www.openwall.com/lists/oss-security/2015/07/04/4 ([email protected])
http://www.securityfocus.com/bid/74462 ([email protected])
https://www.drupal.org/node/2475669 Exploit ([email protected])
https://www.drupal.org/node/2480259 Patch ([email protected])
https://www.drupal.org/node/2480327 Patch, Vendor Advisory ([email protected])
http://cgit.drupalcode.org/views/commit/?id=cef693b (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2015/07/04/4 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/74462 (af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/node/2475669 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/node/2480259 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/node/2480327 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)